Centralized Identity Authentication for Electronic Communication Networks

ABSTRACT

A method of centralized identity authentication for use in connection with a communications network includes registering users of the communications network such that each registered user&#39;s identity is uniquely defined and determinable, and registering a plurality of vendors having a presence on the communications network. The registered vendors selectively transact with registered users, wherein the transactions include: (i) the registered vendor selling goods and/or services to the registered user; (ii) the registered vendor granting the registered user access to personal records maintained by the registered vendor; and/or (iii) the registered vendor communicating to the registered user personal information maintained by the registered vendor. The method also includes each user&#39;s identity being authenticated over the communications network prior to completion of transactions between registered vendors and registered users.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/026,350, filed on Sep. 13, 2013, which is a continuation of U.S.patent application Ser. No. 13/682,196, filed on Nov. 20, 2012, which isa continuation of U.S. patent application Ser. No. 12/870,052, filed onAug. 27, 2010, now U.S. Pat. No. 8,321,912, issued Nov. 27, 2012, whichis a continuation of U.S. patent application Ser. No. 11/602,668, filedon Nov. 21, 2006, now U.S. Pat. No. 7,797,731, issued Sep. 14, 2010,which is a continuation of U.S. patent application Ser. No. 09/798,830filed on Mar. 2, 2001, now U.S. Pat. No. 7,140,036, issued Nov. 21,2006, which claims priority from U.S. Provisional Application Nos.60/187,272; 60/187,271; and 60/187,341, all filed Mar. 6, 2000.

BACKGROUND OF THE INVENTION

The present invention relates to the art of Internet security and theauthentication of otherwise unknown users or individuals. It findsparticular application in conjunction with Internet basedaccess/communication of confidential and/or personal records (e.g.medical records, financial records, governmental records, etc.), andwill be described with particular reference thereto. However, it is tobe appreciated that the present invention is also amenable to other likeapplications where it is desirable to positively identify the user orindividual accessing the records to ensure that confidential and/orpersonal data is not improperly released to unauthorized requesters. Forexample, the invention is equally applicable to commercial transactionswhere it is desirable to positively identify the purchaser or good orservices.

The Internet is an electronic communications network useful fortransferring data or information. For example, many individuals or usersfind it advantageous to communicate, exchange data and/or conducttransactions with various entities, vendors, information providers andthe like having a presence on the Internet, e.g., governmental and lawenforcement agencies, law offices, hospitals, doctor offices, dentaloffices and other medical facilities, banks and financial institutions,credit card companies, insurance organizations, credit bureaus,pharmacies, retail stores, etc. For purposes herein, the foregoing willbe referred to generally as vendors.

The various entities or vendors often maintain databases containingpersonal records of citizens, clients, patrons, patients, accountholders, individuals or other like users associated with the entity orvendor. Accordingly, as the entities or vendors have a presence on theInternet and they maintain the respective databases of personal records,the Internet is a convenient vehicle for accessing and communicatingpersonal data or information (e.g., governmental records, medical ordental records, pharmaceutical record, financial records, votingrecords, records of commercial transactions, legal records, insurancerecord, etc.) to an authorized requester.

However, the Internet is, to a significant degree, unsecure. Data orinformation transferred or accessed over an unsecure communicationsnetwork is vulnerable to unauthorized capture and/or use. This isparticularly troublesome when the data or information, such as thatmentioned above, is personal and/or highly confidential in nature.Accordingly, Internet security directed to protecting confidentialpersonal information from fraudulent or unauthorizedaccess/communication is desired. For example, it is desirable toauthenticate a user's identity prior to fulfilling a request forconfidential information to ensure that the user is in fact authorizedto access the information. Likewise, for commercial transactions, it isadvantageous to authenticate a user's identity to ensure they areauthorized to use the account from which payment is to be made.

Security has heretofore been limited in the foregoing area. For example,many entities or vendors have separate disparate security measuresand/or authentication protocols. This is inconvenient and undulyrepetitive for users which desire access to and/or confidentialinformation from a plurality of distinct entities or vendors. Amultitude of disparate protocols and security measures results in theusers having to maintain numerous distinct passwords, IDs, electronickeys and/or other security software or devices, often, a different onefor each entity or vendor. Moreover, some entities or vendors may usefour character passwords which are capitalization sensitive while othersmay use eight character passwords which are capitalization independent.There is no standard authentication protocol among the various entitiesand vendors having a presence on the Internet. This makes keeping trackof the various protocols and remembering the various security passwordsand IDs even more difficult for users. Additionally, the variousentities and vendors are each separately authenticating users'identities. This is unduly repetitive and inefficient, especiallyconsidering that the entity or vendors' core competency is not likely toinclude identity authentication.

The present invention contemplates a new and improved centralizedauthentication system and technique for carrying out transactions andgranting access to personal information over a communications networkthat overcomes the above-referenced problems and others.

SUMMARY OF THE INVENTION

In accordance with one aspect of the present invention, a method ofcentralized identity authentication for use in connection with acommunications network is provided. The method includes registeringusers of the communications network such that each registered user'sidentity is uniquely defined and determinable, and registering aplurality of vendors having a presence on the communications network.The registered vendors selectively transact with registered users,wherein the transactions include: (i) the registered vendor selling atleast one of goods and services to the registered user; (ii) theregistered vendor granting the registered user access to personalrecords maintained by the registered vendor; and/or (iii) the registeredvendor communicating to the registered user personal informationmaintained by the registered vendor. The method also includes eachuser's identity being authenticated over the communications networkprior to completion of transactions between registered vendors andregistered users.

In accordance with a more limited aspect of the present invention, themethod further includes communicating results of the authentication toat least one of the registered user and the registered vendor involvedin the transaction.

In accordance with a more limited aspect of the present invention, themethod further includes authorizing the completion of transactionsbetween registered vendors and registered users.

In accordance with a more limited aspect of the present invention, theuser's identity is withheld from the vendor.

In accordance with a more limited aspect of the present invention, theauthentication is carried out using at least two-factor authentication.

In accordance with a more limited aspect of the present invention, thevendors are selected from a group consisting of governmental agencies,medical-records keepers, financial institutions, credit card companies,insurance organizations, credit bureaus, pharmaceutical concerns andretail concerns.

In accordance with a more limited aspect of the present invention, themethod further includes notifying the registered user when anon-authentic user attempts to transact with a registered vendor posingas the registered user.

In accordance with a more limited aspect of the present invention,registering users includes obtaining personal data related to the users,and verifying the users' identities.

In accordance with a more limited aspect of the present invention,verifying the users' identities is accomplished by comparing forconsistency the personal data obtained with corresponding personal datamaintained by registered vendors.

In accordance with another aspect of the present invention, acentralized identity authentication system includes a computer connectedto a communications network and means for registering users of thecommunications network such that each registered user's identity isuniquely defined and determinable. The system also includes means forregistering a plurality of vendors having a presence on thecommunications network and a central database accessible by thecomputer. The central database contains accounts created by theregistering means for each registered user and each registered vendor.The accounts include records of data collected by the registering means.Means for authenticating registered users' identities collectauthentication data from users over the communication network andcompare it to corresponding data from account records in the centraldatabase such that when there is a match the user providing theauthentication data is deemed to be the registered user which holds theaccount.

In accordance with a more limited aspect of the present invention, thecommunications network is the Internet.

In accordance with a more limited aspect of the present invention, thevendors are selected from a group consisting of governmental agencies,medical-records keepers, financial institutions, credit card companies,insurance organizations, credit bureaus, pharmaceutical concerns andretail concerns.

In accordance with a more limited aspect of the present invention, thesystem also includes means for communicating results of theauthentication to at least one of respective users and vendors involvedin transactions with one another.

In accordance with a more limited aspect of the present invention, thesystem also includes means for notifying a true registered user of afailed authentication attempt carried out by the authentication means onan imposter.

One advantage of the present invention is that access to andcommunication of personal and/or confidential information is privately,securely and readily carried out.

Another advantage of the present invention is that users and vendors areprotected from fraudulent or otherwise unauthorized access toconfidential personal records.

Yet another advantage of the present invention is that theauthentication efforts are not unduly duplicative.

Still another advantage of the present invention is that informationfrom a plurality of distinct vendors is accessible using a singleauthentication vehicle thereby reducing the demands on users associatedwith having to support and maintain multiple authentication vehicles.

Still further advantages and benefits of the present invention willbecome apparent to those of ordinary skill in the art upon reading andunderstanding the following detailed description of the preferredembodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention may take form in various components and arrangements ofcomponents, and in various steps and arrangements of steps. The drawingsare only for purposes of illustrating preferred embodiments and are notto be construed as limiting the invention.

FIG. 1 is a block diagram showing a centralized authentication system inaccordance with aspects of the present invention for use in connectionwith a communications network.

FIG. 2 is a block diagram showing a user registration process inaccordance with aspects of the present invention.

FIG. 3 is a block diagram showing a vendor registration process inaccordance with aspects of the present invention.

FIG. 4 is a block diagram showing an exemplary operation of thecentralized authentication system of FIG. 1 in accordance with aspectsof the present invention.

FIG. 5 is a block diagram showing an exemplary data transfer processbetween two vendors in accordance with aspects of the present invention.

FIG. 6 is a block diagram showing an alternate exemplary operation ofthe centralized authentication system of FIG. 1 in accordance withaspects of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

In accordance with aspects of a preferred embodiment of the presentinvention, FIG. 1 shows a centralized authentication system A includingan authenticating agent 10 which maintains a presence on the Internet 20or other like communications network via a server 12 or otherwise. Aplurality of distinct vendors or entities 30 a-n also maintain apresence on the Internet 20 via servers 32 a-n or otherwise. Theentities or vendors 30 a-n optionally include governmental or lawenforcement agencies, law offices, hospitals, doctor offices, dentaloffices or other medical facilities, banks or financial institutions,credit card companies, insurance organizations, credit bureaus,pharmacies, retail stores, etc.

A user (individual, business or otherwise) 40 gains access to theInternet 20 using a computer 42 with an appropriate web browser or otherlike software running thereon. Of course, the centralized authenticationsystem A is preferably administered to multiple similarly situated users40. However, in the interest of simplicity herein, only one user 40 isshown in FIG. 1.

Each entity or vendor 30 a-n also optionally maintains a database 34a-n. The respective databases 34 a-n contain personal and/orconfidential records, data or information related to citizens, clients,patrons, patients, account holders, or other users serviced by orotherwise associated with the entity or vendor 30 a-n. As appropriatefor the respective type of entity 30 a-n, the data or informationcontained in the databases 34 a-n is optionally, medical or dentalrecords, governmental records, voting data, law enforcement records,driving records, financial records, insurance records, legal records,credit records, commercial transaction data, pharmaceutical records,etc. for the users serviced by or otherwise associated with therespective entity.

While not explicitly proposed in every instance described herein, it isto be appreciated that security is further enhanced by optionallyencrypting, with known encryption techniques, any or all of thecommunications relayed or otherwise transmitted over the Internet 20.

With additional reference to FIG. 2, a user registration process 100 isadministered by the authenticating agent 10. The user registrationprocess 100 enables a user 40 to participate in and/or utilize thecentralized authentication system A. User registration is carried outsuch that each user's identity is uniquely defined and determinable.Registration of a user 40 optionally begins with a visit by the user 40to the authenticating agent 10. Preferably, over the Internet, theinterested user 40, using an appropriate web browser, accesses a userregistration page 102 which is made available via the agent's server 12.As the user registration process 100 continues, user registration data104 (e.g., name, address, length at residence, own or rent residence,e-mail address, home phone number, work phone number, social securitynumber, date of birth, mother's maiden name, employer, income,employment status, etc.) is collected or otherwise obtained by the agent10 from the potential new user 40 who is making application forparticipation in the system A. Prior to accepting the new user 40, theuser 40 is evaluated by the agent 10.

Preferably, the evaluation process 106 verifies the user's identity fromthe collected registration data 104 and determines the user'squalifications for participation, including optionally determining theuser's credit worthiness. Optionally, the collected data 104 is used toverify the user's identity by determining its consistency withinformation made available from participating entities 30 a-n, i.e.,information from databases 34 a-n. To retrieve the information from theentities 30 a-n, the agent 10 preferably obtains consent from the user40 to access the same when the registration data 104 is collected.

When the user 40 intends to conduct commercial transactions using thesystem A, the user's credit worthiness is preferably evaluated. Indetermining credit worthiness, the agent 10 optionally passes relevantuser registration data to an appropriate financial institution or creditbureau where it is analyzed for credit worthiness. Alternately, the datais analyzed by the agent's own credit approval system. The analysispreferably includes the application of known credit approval techniquesand algorithms which determine credit worthiness. Alternately, one ormore, new or previously existing debit or credit accounts are set upbased on the analysis and/or the financial data obtained.

Upon completion of the evaluation process 106, the agent 10 decides, atdecision step 108, if the potential new user 40 has passed or failed theevaluation. If the user 40 has failed the evaluation, they are sonotified, e.g., via an application denial page 110 being send to theuser's computer 42 from the agent's server 12. Once the denial has beensent the registration process 100 ends. Alternately, the user 40 isgiven the option to change or correct the submitted registration data104.

On the other hand, if the user 40 passes the evaluation, then anappropriate user account is opened 112 and the user 40 notified of theoutcome, e.g., via an application accepted page 114 being sent to theuser's computer 42. The acceptance page 114 preferably includesinformation related to the created account including, e.g., an accountnumber or an assigned or selected user ID, a list of any limits orrestriction placed on the account by the user 40 or agent 10, and/orother related data.

The created account and data or information related thereto ispreferably maintained by the agent 10 in its database 14 along with theaccounts for other registered users. In conjunction with the accountcreation, an authentication vehicle is set up for the user 40. Theauthentication vehicle is preferably two-factor authentication. However,authentication using more or less factors is contemplated depending onthe level of security desired. In a preferred embodiment, theauthentication vehicle is a dynamically changing password implementedvia a hardware token issued to the user 40, a software object loaded onthe user's computer 42 or some combination of both. Alternately, thedynamically changing password is generated by an algorithm which issynchronized to a clock or it is sequentially selected from a limitedpre-generated list of random or quasi-random values. In still othercontemplated embodiments, other secure authentication vehicles and/ortechniques may be employed, e.g., challenge response, quick log mode,other one or more factor authentication methods such as a staticusername and password or pin number, smart cards, or biometricauthentication such as fingerprint recognition and retinal scanners etc.To the varying degree desired, the selected authentication techniqueenables the agent 10 to positively identify registered users of thesystem A. Optionally, different types of authentication vehicles areemployed for different users and/or vendors to accommodate theirparticular preferences.

In another preferred embodiment, the user 40 does not directly registerwith the agent 10. Rather, the registration data 104 is collected forthe agent 10 by a trusted representative which in turn conveys it to theagent 10, optionally, in batch form. For example, the trustedrepresentative may be a registered vendor 30 that independently signs upusers 40 for the system A. In any event, the registration process may beessentially the same as shown in FIG. 2 with the trusted representativetaking the place of the user 40.

With additional reference to FIG. 3, the entities or vendors 30 a-n arealso registered to participate in the system A. Preferably, the agent 10administers the vendor registration process 200. The vendor registrationprocess 200 is similar to the user registration process 100. Itpreferably is carried out online. In a preferred embodiment, via theserver 12, the agent 10 provides an interested vendor 30 with a vendorregistration page 202 which is used to capture or otherwise retrievevendor data 204 (e.g., the vendor's name, place of business, type ofbusiness, Internet address, the type of records maintained in thevendor's database 34, the description or parameters of the vendor'sdatabase 34, a list of serviced users 40 and the parameters for eachuser's access to the vendor's database 34, etc.). At step 206, thevendor is evaluated to determine compatibility of the vendor's practiceswith the system A. For example, it is optionally determined if thevendor 30 maintains suitably reliable records of interest to users 40.Additionally, the vendor's general business practices may be evaluatedand their participation denied to insulate users 40 from vendors 30 withpoor customer relations/satisfaction or other potentially undesirabletraits.

Upon completion of the evaluation process 206, the agent 10 decides, atdecision step 208, if the potential new vendor 30 has passed or failedthe evaluation. If the vendor 30 has failed the evaluation, they are sonotified, e.g., via a vendor denial page 210 being sent to the vendor30. Once the denial has been sent the registration process 200 ends.Alternately, the vendor 30 is given the option to change or correct thesubmitted registration data 204. On the other hand, if the vendor 30passes the evaluation, then an appropriate vendor account is opened 212and the vendor 30 notified of the outcome, e.g., via a vendor acceptedpage 214 being sent to the vendor. The acceptance page 214 preferablyincludes information related to the created account including, e.g., avendor account number or an assigned or selected user ID, a list of anylimits or restrictions placed on the account by the vendor 30 or agent10, and/or other related data. The created vendor account along with anyinformation or data related thereto is preferably maintained by theagent 10 in its database 14.

In the case of both users and vendors, if approved and participation isstill desired, the user or vendor optionally supplies the agent 10,along with an indication of acceptance, additional account creationdata. In the case of the user 40 the addition account creation dataoptionally includes, e.g., a secret personal identification number(PIN), the answers to a number of designated or otherwise selectedsecurity questions, designated limits or restrictions on the use of theaccount, etc. The security questions are preferably questions to whichonly the user 40 is likely to know the answers (e.g., the accountholder's first car, the name of the account holder's dog or the like).The security questions preferably provide an added measure by which topositively identify the user 40 during authentication insomuch as onlythe true user of the account is likely to know the answers to thequestions.

The accounts for users 40 may also contain information or data relatingto account privileges. In a preferred embodiment, the user 40 has theoption to customize or modify their account privileges. The accountprivileges are customized by the user 40, for example, by accessing theagent's server 12 over the Internet 20. For security purposes, the user40 is optionally authenticated as an authorized user of the account,preferably, using the below described authentication procedure, prior topermitting any account modifications. However, at initial accountcreation, the below-described authentication procedure may not beemployed. The account privileges are optionally set by the user 40 tolimit the use of the account in the system A. That is to say, the setaccount privileges may restrict the account so that transactions thereonare not authorized for specified participating vendors 30 a-n, so thatautomatically recurring transactions carried out absent the directparticipation of the user 30 are not authorized, so that for commercialtransactions purchases over a certain price limit are not authorized,and the like.

In the case of the vendor 30, once the vendor has accepted, the agent 10forwards a participation kit to the vendor 30 enabling the vendor 30 toparticipate in the centralized authentication system A. Online, the kitis preferably forwarded via the Internet 20. The participation kitoutlines the rights and responsibilities or duties of the vendor 30 withrespect to their participation in system A. Optionally, the kit includesa participation agreement and a software object for installation on thevendor's server 32. After the vendor 30 signs the agreement physically,electronically or otherwise, it is returned to the agent 10, perhapsthrough the agent's server 12. Upon receipt of the signed agreement, theagent 10 maintains the agreement, vendor registration data, etc., in itsdatabase 14, optionally, accessible by both the agent 10 and the vendor30.

The software object acts to interface the vendor's server 32 with thecentralized authentication system A. Optionally, the software object isfunctional to recognize pre-authenticated users directed to the vendor'sserver 32 from the agent's server 12. In another embodiment, thesoftware object automatically routes users directly accessing thevendor's server 32 to the agent 10 for authentication, preferably, onthe agent's server 12.

By way of example, FIG. 4 shows user 40 accessing personal and/orconfidential information from one or more registered vendors 30 a-n. Anauthenticated data access process 300 begins with a registered user 40contacting the agent 10, preferably, over the Internet 20. The agent 10conducts an authentication procedure 302 to positively identify the user40, i.e., to ensure that the user 40 is registered and is in fact who heclaims to be. The authentication procedure 302 preferably includes theagent 10 presenting an authentication page to the use 40. Theauthentication page is set up to collect authentication data from theuser 40. Depending on the authentication vehicle set up for the user 40,the authentication data may include a user name or ID, a secretpassword, a dynamically changing password, a PIN, answers to securityquestions, biometric data, etc. The authentication data collected by theagent 10 is compared for consistency to the user account informationmaintained in the agent's database 14, and where there is a match, theuser 40 is deemed authentic and positively identified as the holder ofthe matching account.

At decision step 304, it is determined if the user 40 has passed theauthentication procedure 302. If the user 40 has not passed theauthentication procedure 302, an access denied page 306 is returned tothe user 40 informing him of his failure to be authenticated.Optionally, the access denied page 306 permits the user 40 to changeand/or correct previously mis-entered authentication data and try again.The number of tries is, however, preferably limited.

On the other hand, if the user 40 passes the authentication procedure302, the agent 10 administers a request processing procedure 308. Therequest processing procedure 308 retrieves the information or datarequested by the user 40 from the respective vendors 30 a-n, andforwards the same back to the user 40, e.g., via a requested informationpage 310. In another preferred embodiment, the pre-authenticated user 40is redirected to the desired vendor's server 32 a-n where the user'sauthenticated identity is recognized, e.g., via the software objectinstalled thereon, and the vendor 30 and user 40 process informationrequests and/or carry out commercial transactions directly withoutfurther involvement of the agent 10.

In any event, as shown in FIG. 4, the request processing procedure 308begins with the user 40 requesting, or the agent's server 12 otherwisedisplaying, a page with a directory listing registered vendors 30 a-nthat participate in the centralized authentication system A. The user 40is then free to select the registered vendor or vendors of his choicefrom the directory. Optionally, the user 40 is prohibited from selectingthose vendors for which the user 40 does not have authorized access.This may be the case when either the user's account or vendor's accounthas been selectively limited or restricted as indicated in the agent'sdatabase 14. That is to say, the user's account optionally lists thosevendors which maintain personal and/or confidential data relating to therespective user. Accordingly, they would not have access to unlistedvendors. Moreover, the user 40 may expressly desire to prohibit accessto certain vendors. On the vendor account side, the database 14 may listfor each vendor 30 a-n those users having information maintained in thevendors' respective databases 34 a-n. Accordingly, unlisted users wouldnot be granted access to the vendor. Moreover, certain vendors 30 maywish to expressly prohibit access by certain users 40.

After selecting a vendor 30, the agent 10 provides the user 40 with ainformation or data selection page from which the user 40 selects theinformation or data desired from the chosen vendor 30. Preferably, thedata selection page lists only the information or data available fromthe selected vendor 30 as determined by the description of the vendor'sdatabase 34 which is retained in the agent's database 14. Uponcompletion of the data selection page, the agent 10 retrieves therequested information from the selected vendor 30 and forwards it to theuser 40, e.g., via the requested information page 310. Note, thesoftware object installed on the vendor's server 32 at the time of theirregistration optionally permits the agent's server 12 to interfacetherewith and retrieve the desired information.

In a preferred embodiment, the user 40 is permitted to make multipleinformation requests from various vendors prior to executing theretrieval and forwarding of the desired data. In this case, the user 40proceeds and/or loops back through multiple vendor listing pages and/ordata selection pages. As the user 40 proceeds, the individualinformation requests are collected and stored in a virtual shopping cartor the like. When desired, the user 40 proceeds to an execution pagewhere the requests are processed in batch.

At step 312, once the request has been processed or simultaneouslytherewith, the agent 10 creates a record of the transaction andmaintains the same in its database 14. The record is optionally storedwith the respective user's account, the respective vendor's account orboth. The transaction record preferably contains data related to thetransaction such that the details of a particular transaction may bereviewed for tracking purposes if desired to determine what actions tookplace or the current status of a request's processing. For example, thetransaction record optionally contains the identity of the user whichrequested the information, the vendor supplying the information, theinformation supplied, the date and time of the transaction, a uniquetransaction identifier or authorization number, etc. In this manner,transaction details are preserved such that any potential futurediscrepancies among the users 40, the vendors 30 a-n and/or the agent10, may readily be resolved.

In a preferred embodiment, the agent 10 also conducts an independentnotification procedure 314 wherein participants in the transaction areindependently notified of it. Preferably, independent confirmation thatan information request has been received and/or that the processing ofthe same has been completed is sent to all the participants, i.e., therespective user 40 and vendor 30. Optionally, the notification isautomatically forwarded to the respective e-mail addresses on file forthe participants in the agent's database 14. The notification preferablyincludes the data from the generated transaction record.

Additionally, via the notification procedure 314, the agent 10preferably independently notifies a registered user 40 when anauthentication attempt fails. The failure notification is preferablyforwarded to the e-mail address on file for the user in the agent'sdatabase 14. In this manner, a true user is made aware of an attemptedunauthorized accessing of their personal and/or confidential records.

It is to be appreciated that while the foregoing discussion is primarilydirected to users 40 obtaining desired information from various vendors30 a-n, the centralized authentication system A is equally applicable tousers 40 providing or forwarding information to the various vendors 30a-n. That is to say, the user 40 may optionally access the vendors 30a-n through the centralized authentication system A in order to modifyor update their respective records maintained in the vendors' databases34 a-n. The request processing procedure 308 merely works in reverse,i.e., it operates to retrieve updated data from the user 40 (e.g., via adata update page presented to the user 40 by the agent 10) and forwardthe updated data to the respective vendors 30 a-n for storage in theirdatabases 34 a-n.

On occasion, a user 40 may desire to have personal and/or confidentialinformation maintained by one vendor (e.g., vendor 30 a) communicated toanother vendor (e.g., vendor 30 b). Accordingly, the centralizedauthentication system A is, in a preferred embodiment, equipped tohandle such occasions. For example, FIG. 5 shows, in block diagram form,a data transfer process 400 in accordance with aspects of the presentinvention, whereby a user 40 transfers, via the centralizedauthentication system A, personal and/or confidential informationmaintained by vendor 30 a to vendor 30 b. As shown in FIG. 5, the user40 is presumed to have been authenticated, preferably, in the same orsimilar manner as described above with respect to FIG. 4. Havingauthenticated the user 40, the agent 10 receives, at step 402, a datatransfer request, optionally, via a web page or the like provided to theuser 40 by the agent 10 for requesting the same. Optionally, the datatransfer request may be initiated by an object, link or the likeexisting on the provided directory page listing the registered vendorssuch that when the link or object is chosen by the user 40, the agent 10begins the data transfer process 400.

At the next step 404, the agent 10 collects transfer request data fromthe user 40. Preferably, the transfer request data includes anidentification of the source vendor, the destination vendor, and theinformation to be transferred. Of course, the only vendors and/orinformation that may be designated or selected by the user 40 are thosefor which the authenticated user 40 is authorized access as determinedby the records/account information maintained in the agent's database14. In accordance with the collected transfer request data provided bythe user 40, at step 406, the agent 10 obtains the identifiedinformation or data from the identified source vendor, in this example,vendor 30 a.

Optionally, the agent 10, at step 408, reformats or converts theobtained data from the source vendor 30 a into a format compatible withor otherwise acceptable to the destination vendor, in this example,vendor 30 b. That is to say, the database and/or format of informationmaintained by vendor 30 a may not be the same as vendor 30 b. Forexample, there may be different data fields with different names whichmay be arranged in different orders, or the data may be delineateddifferently, or the data may be encrypted or compressed differently. Inany event, at step 408, the agent 10 reformats or converts the data sothat it is accurately mapped or otherwise recorded into the appropriatelocation or corresponding data field in the destination vendor'sdatabase 34 b. The agent 10 accomplishes the appropriate reformattingusing the known information about or description of each vendor'sdatabase obtained in the vendor registration process 200.

After reformatting, at step 410, the agent 10 forwards the data to thedestination vendor 30 b as indicated by the user 40 in the collectedtransfer request data. While not shown, preferably, the data transferprocess 400 is concluded with procedures akin to procedures 312 and 314described above.

In a preferred embodiment, the users 40 and vendors 30 a-n mayselectively update and/or otherwise modify their accounts as desired.Various account options are preferably made available for them toexercise and their choices are maintained with their account informationin the agent's database 14. Consequently, the agent 10 has theinformation with which to regulate access in accordance with the desiresof the registered users and vendors.

For example, the registered users 40 or vendors 30 a-n may selectivelyrestrict or permit access to their information. Optionally, primaryusers 40 may designate other secondary registered users 40 which areauthorized to access their personal and/or confidential information.Preferably, the extent of the authorization may be regulated by theprimary user 40. For example, a secondary user 40 may be given onlyone-time access to retrieve information from a vendor's database 34 butbe prohibited from updating or modifying information. Alternately, asecondary user 40 may be given unlimited access to selected vendors butno access to other vendors. In still another example, only particularinformation from a vendor may be restricted from access. Likewise, thevendors 30 a-n may impose certain restriction or grant certainauthorizations to designated users. In this manner, the centralizedauthentication system A may be custom fit to the desires of eachparticipant.

With reference to FIG. 6, in another preferred embodiment of the presentinvention, the user 40 accesses a selected vendor 30 directly, e.g.,over the Internet 20. Prior to completion of their interaction (i.e.,before the delivery of requested information, granting of desired accessor carrying out of selected commercial transactions), the authenticationprocess 500 is administered. Completion of the vendor-user interactionis optionally initiated by the user 40 selecting or otherwise activatinga link on a check-out or execution page provided by the vendor 30. Thelink is optionally associated with the software object installed on thevendor's server 32, i.e., the software object that came with thevendor's registration kit. The link and/or associated software objectredirects the user 40 to the agent's server 12 for authentication andoptional authorization.

At step 502, the agent 10 receives the redirected user 40 from thereferring vendor 30. At step 504, authentication data is collected fromthe user 40. Preferably, the authentication data is collected via a datacollection page provided to the user 40 by the agent 10. The datacollection page is set up to collect authentication data from the user40. Depending on the authentication vehicle set up for the user 40, theauthentication data may include a user name or ID, a secret password, adynamically changing password, a PIN, answers to security questions,biometric data, etc. After collecting the authentication data, theauthentication process 506 is carried out. The authentication process506 involves the agent 10 comparing for consistency the collectedauthentication data to the user account information maintained in theagent's database 14. Where there is a match, the user 40 is deemedauthentic and positively identified as the holder of the matchingaccount. The data collection step 504 and authentication process 506collectively are essentially the same as the authentication process 302described above.

At decision step 508, it is determined if the user 40 has passed theauthentication process 506. If the user 40 has not passed theauthentication process 506, an access denied page 510 is returned to theuser 40 informing him of his failure to be authenticated. Optionally,the access denied page 306 permits the user 40 to change and/or correctpreviously mis-entered authentication data and try again. The number oftries is, however, preferably limited. Preferably, each denial is alsoreported to the referring vendor 30.

On the other hand, if the user 40 passes the authentication procedure506, the agent 10, at step 512, returns the user 40 to the referringvendor 30 along with an indication of the user's authentication and/oridentity. At that point, the vendor 30 and/or user 40 may interact asthey see fit. Nevertheless, the vendor 30 is made aware of the user'sauthenticity and/or identity prior to completion of a commercialtransaction, forwarding of, and/or granting access to,personal/confidential information, etc.

Optionally, the agent 10 also returns to the vendor 30 selected and/orrequested authorization data. The authorization data optionallyindicates a level of authorization set for the identified user 40. Thelevel may have been set by the user 30 or vendor 40 upon registration orupon subsequent modification of the respective user and/or vendoraccounts maintained by the agent 10. Alternately, the selectedauthorization data to be sent is predefined or individually requestedwhen the user 40 is redirected to the agent 10 by the vendor 30. Theindicated level returned to the vendor preferably informs the vendor 30of the degree of access to be granted the user 40 topersonal/confidential data maintained by the vendor 30, the dollaramount which the user 40 is authorized to spend in a given commercialtransaction, etc. While not shown, preferably, the authenticationprocess 500 is concluded with procedures akin to procedures 312 and 314described above.

In one preferred embodiment, the user's identity is withheld from thevendor 30. In this manner, the users 40 maintain their privacy while thevendors 30 are assured by the agent 10 that the users 40 are authorizedfor the contemplated transaction or to access the information beingrequested. This privacy aspect is optionally implemented in any of theembodiments shown in the FIGURES where the agent 10 is responsible forboth the authentication and optional authorization. By relying on theagent 10 to fulfill both these functions, the vendor 30 can carry outtheir end of a transaction or interaction without knowing the actualidentity of the user 40. All the vendor 30 has to know is that the user40 is in fact authentic and authorized to perform the selected function.

Preferably, the process and/or procedure carried out by the agent 10 asdescribed above are implements via software, computer programs or likerunning on the agent's server 12, via hardware connected to the agent'sserver or via a combination thereof. Additionally, while described abovewith reference to the Internet 20, it will be appreciated by those ofordinary skill in the art, that other communications networks, local orwide area computer networks, cellular networks, hard wired networks,networks including point of sale terminals, etc., may also be employedas the means for communicating the data and/or information from oneparticipant to another.

The invention has been described with reference to the preferredembodiments. Obviously, modifications and alterations will occur toothers upon reading and understanding the proceeding detaileddescription. It is intended that the invention be construed as includingall such modifications and alterations insofar as they come within thescope of the appended claims or the equivalents thereof.

Having thus described the preferred embodiments, the invention is nowclaimed to be:
 1. A computer-implemented method for securelytransferring sensitive data from a first system to a second system usinga centralized authentication system, comprising: registering, with anagent server of the centralized authentication system, a plurality ofvendor systems including at least a first vendor system and a secondvendor system; registering, with the agent server, a plurality of users,each user of the plurality of users associated with authentication data;authenticating, with the agent server, a user of the plurality of usersbased on the authentication data associated with the user, wherein theuser is located remotely from the agent server and accesses the agentserver through a computer in communication with the agent server via anetwork; receiving, with the agent server, transfer request data fromthe computer operated by the user, the transfer request data comprisingan identification of sensitive data maintained by the first vendorsystem and an identification of the second vendor system; in response toreceiving the transfer request data, retrieving, with the agent server,the sensitive data from the first vendor system, the sensitive datastructured in a first format; converting, with the agent server, thesensitive data from the first format to a second format based on adatabase structure associated with the second vendor system; andtransferring, with the agent server, the converted sensitive data to thesecond vendor system.
 2. The computer-implemented method of claim 1,further comprising: retrieving, with the agent server, the sensitivedata from the computer operated by the user through a webpage; andforwarding, with the agent server, the sensitive data to the firstvendor system.
 3. The computer-implemented method of claim 1, whereinthe computer operated by the user transmits the transfer request data inresponse to selecting a link or object on a directory page listing atleast a portion of the plurality of vendor systems.
 4. Thecomputer-implemented method of claim 1, wherein the identification ofthe sensitive data in the transfer request data comprises selectedinformation from sensitive records maintained by the first vendorsystem.
 5. The computer-implemented method of claim 1, whereinconverting the sensitive data to the second format comprises compressingor encrypting the sensitive data.
 6. The computer-implemented method ofclaim 1, wherein converting the sensitive data to the second formatcomprises mapping a plurality of data fields of the first format to aplurality of data fields of the second format.
 7. Thecomputer-implemented method of claim 1, wherein registering theplurality of vendor systems comprises registering database informationassociated with each vendor system in a database, and wherein thesensitive data is converted to the second format based on databaseinformation for the second vendor system stored in the database.
 8. Asystem for securely transferring sensitive data from a first system to asecond system using a centralized authentication system, comprising: anagent server of the centralized authentication system, the agent servercomprising at least one processor programmed or configured to: registera plurality of vendor systems including at least a first vendor systemand a second vendor system; register a plurality of users, each user ofthe plurality of users associated with authentication data; authenticatea user of the plurality of users based on the authentication dataassociated with the user, wherein the user is located remotely from theagent server and accesses the agent server through a computer incommunication with the agent server via a network; receive transferrequest data from the computer operated by the user, the transferrequest data comprising an identification of sensitive data maintainedby the first vendor system and an identification of the second vendorsystem; in response to receiving the transfer request data, retrieve thesensitive data from the first vendor system, the sensitive datastructured in a first format; convert the sensitive data from the firstformat to a second format based on a database structure associated withthe second vendor system; and transfer the converted sensitive data tothe second vendor system.
 9. The system of claim 8, wherein the at leastone processor is further programmed or configured to: retrieve thesensitive data from the computer operated by the user through a webpage;and forward the sensitive data to the first vendor system.
 10. Thesystem of claim 8, wherein the computer operated by the user transmitsthe transfer request data in response to selecting a link or object on adirectory page listing at least a portion of the plurality of vendorsystems.
 11. The system of claim 8, wherein the identification of thesensitive data in the transfer request data comprises selectedinformation from sensitive records maintained by the first vendorsystem.
 12. The system of claim 8, wherein the sensitive data isconverted to the second format by compressing or encrypting thesensitive data.
 13. The system of claim 8, wherein the sensitive data isconverted to the second format by mapping a plurality of data fields ofthe first format to a plurality of data fields of the second format. 14.The system of claim 8, further comprising a database in communicationwith the agent server, the database comprising database informationassociated with each vendor system, wherein the sensitive data isconverted to the second format based on database information for thesecond vendor system.
 15. A computer program product for securelytransferring sensitive data from a first system to a second system usinga centralized authentication system, comprising at least onecomputer-readable medium including program instructions that, whenexecuted by at least one processor of an agent server of the centralizedauthentication system, causes the at least one processor to: register,with the centralized authentication system, a plurality of vendorsystems including at least a first vendor system and a second vendorsystem; register, with the centralized authentication system, aplurality of users, each user of the plurality of users associated withauthentication data; authenticate a user of the plurality of users basedon the authentication data associated with the user, wherein the user islocated remotely from the agent server and accesses the agent serverthrough a computer in communication with the agent server via a network;receive transfer request data from the computer operated by the user,the transfer request data comprising an identification of sensitive datamaintained by the first vendor system and an identification of thesecond vendor system; in response to receiving the transfer requestdata, retrieve the sensitive data from the first vendor system, thesensitive data structured in a first format; convert the sensitive datafrom the first format to a second format based on a database structureassociated with the second vendor system; and transfer the convertedsensitive data to the second vendor system.
 16. The computer programproduct of claim 15, wherein the program instructions further cause theat least one processor to: retrieve the sensitive data from the computeroperated by the user through a webpage; and forward the sensitive datato the first vendor system.
 17. The computer program product of claim15, wherein the computer operated by the user transmits the transferrequest data in response to selecting a link or object on a directorypage listing at least a portion of the plurality of vendor systems. 18.The computer program product of claim 15, wherein the identification ofthe sensitive data in the transfer request data comprises selectedinformation from sensitive records maintained by the first vendorsystem.
 19. The computer program product of claim 15, wherein thesensitive data is converted to the second format by compressing orencrypting the sensitive data.
 20. The computer program product of claim15, wherein the sensitive data is converted to the second format bymapping a plurality of data fields of the first format to a plurality ofdata fields of the second format.